On 10/16/07, mabshoff <[EMAIL PROTECTED]> wrote:
> On Oct 17, 1:09 am, "William Stein" <[EMAIL PROTECTED]> wrote:
> > On 10/16/07, Timothy Clemans <[EMAIL PROTECTED]> wrote:
> > You're right; that's exactly what I want to do.  I want to make it so the
> > working pool sage* users can't use the network in any way.  They are
> > users in the chroot jail, so the question is -- how can I make it so a
> > given user can't use the internet on a unix machine, assuming said
> > user doesn't hack the machine and become a different user?
>
> I would suggest not to actually use unixy infrastructure to create the
> users.

Not using the unix infrastructure to manage users and permissions
is reinventing the wheel.  In fact, it's reinventing a very difficult wheel
that -- if I reinvent it -- will certainly be easily broken.

> But that certainly involves a decent amount of coding to do
> your own user creation/permission management and so on.

It's coding that (1) has nothing to do with math, so I won't do it,
and (2) even if I did do it, I'm sure I would get it totally wrong in
comparison to the implementation in a modern unix system.

> Trying to
> secure unix user accounts seems doomed in my opinion.

I agree. Trying to secure *** (insert anything) accounts against all
possible attacks is doomed.   However, making *** accounts less
insecure is a reasonable thing to do.

> Using IP tables
> is also pointless because you have http[s] access and can bring in
> everything you need that way. It is just a little bit more effort.

I can't comment about this, but what I need is just to block
a certain group of users from having *any* ability to open *any*
outside connection, including http.  The worksheet processes
do not have anything to do with http. http all involves the server process,
which doesn't have to be firewalled in this way, since it is likely much more
difficult to hack (it does *not* run arbitrary code, etc.).

> > And yes, I know, if only I would release a "SageLite" that was the sage
> > notebook without the hard-to-build Sage math library, then all kinds
> > of unix gurus would just solve all these problems for me (since then the
> > notebook would be popular and independently interesting beyond Sage).
> > I really want to do that.
> >
>
> I agree.

Cool.  I wish I had more time to do it.

William

--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
-~----------~----~----~----~------~----~------~--~---
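
An added example, not part of the original message or of Sage: one way to express the per-group block described above, using the iptables owner match. The group name `sageworkers`, the chain name `SAGE_JAIL` and the optional loopback exception are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, for review, the iptables and
# ip6tables commands that reject all locally generated traffic from sockets
# owned by one Unix group. Nothing is applied until the output is run as root.
#
# Assumptions: "sageworkers" is a hypothetical group that is the PRIMARY group
# of every worksheet account (the owner match compares the socket owner's GID);
# SAGE_JAIL is a made-up chain name.

CHAIN=SAGE_JAIL

# gen_rules GROUP [keep-loopback]
gen_rules() {
    group=$1
    mode=${2:-}
    # Accept only plain group names so the generated commands stay well-formed.
    case $group in
        ''|*[!A-Za-z0-9_-]*) echo "gen_rules: invalid group name" >&2; return 1 ;;
    esac
    # IPv4 and IPv6 have separate rule sets; covering only one leaves the
    # other protocol open.
    for ipt in iptables ip6tables; do
        echo "$ipt -N $CHAIN"
        # Optional: let the jailed accounts reach services on localhost.
        if [ "$mode" = keep-loopback ]; then
            echo "$ipt -A $CHAIN -o lo -j RETURN"
        fi
        echo "$ipt -A $CHAIN -j REJECT"
        # Insert first in OUTPUT so no earlier ACCEPT rule wins. The owner
        # match only applies to locally generated packets (OUTPUT/POSTROUTING).
        echo "$ipt -I OUTPUT 1 -m owner --gid-owner $group -j $CHAIN"
    done
}
```

Review the output of `gen_rules sageworkers`, then pipe it to `sh` as root to apply it. The server process is unaffected as long as it does not run with that group as its primary group.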
